Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you…

THE BIG STORIES:

–A WALK TO REMEMBER: The Obama administration is preparing to publicly blame Iranian hackers for the 2013 cyberattack on a New York dam, according to U.S. officials familiar with the investigation. The Justice Department is preparing an indictment against the alleged hackers, CNN reports. The incident in question, revealed to the public in December, occurred amid a wave of Iranian hacks on U.S. banks and just three years after a computer worm believed to be built by the U.S. and Israel damaged nuclear infrastructure in Iran. Investigators said the hackers didn’t take control of the dam’s system but were probing its defenses. The White House was alerted when officials initially believed the intrusion occurred at a much larger facility in Oregon. The breach was still classified as of December, but it fits a pattern openly described by U.S. officials who warn that hackers from Russia, Iran and China are testing U.S. critical infrastructure networks for vulnerabilities. The Department of Justice has declined to comment, but the public attribution is seen as part of an Obama administration strategy in recent years to identify the countries and, if possible, the individuals behind cyberattacks as a means of deterrence. “The administration has converted to the idea that there has to be consequences for bad behavior and that they have to signal places like Iran about behaving in cyberspace,” said James Lewis, an international cybersecurity expert at the Center for Strategic and International Studies. To read our full piece, click here.

{mosads}–MESSAGE IN A BOTTLE: Sen. Steve Daines (R-Mont.) on Thursday bashed President Obama for taking years to blame Iran for the attack. “It is downright shameful that it has taken President Obama three years to denounce Iran for a malicious cybersecurity attack on our country while at the same time sitting at a negotiating table with them,” Daines said in a statement. The digital intrusion came to light just months after the U.S. and other world powers finalized a deal with Iran to roll back economic sanctions on the country in exchange for Tehran limiting its nuclear program. Republicans have roundly chided Obama for the pact, arguing it will strengthen Iran’s economy while failing to stop the country from acquiring nuclear weapons. Daines tied the nuclear deal to the delay in accusing Iran of carrying out the cyberattack. “This failure is undoubtedly linked to President Obama’s clouded judgment in ushering through his misguided deal with Iran, which has only endangered our national security,” he said. To read our full piece, click here.

–THE LONGEST RIDE: The Department of Justice on Thursday filed a new motion urging a federal judge in California to compel Apple to help the FBI unlock the iPhone of San Bernardino shooter Syed Rizwan Farook. “The government and the community need to know what is on the terrorist’s phone and the government needs Apple’s assistance to find out,” prosecutors wrote. The tech giant has primarily cast its decision to oppose the California court order as a defense of privacy rights — a position the Justice Department pushed back against in its filing. “Apple’s rhetoric is not only false, but also corrosive of the very institutions that are best able to safeguard our liberty and our rights: the courts, the Fourth Amendment, longstanding precedent and venerable laws, and the democratically elected branches of government,” prosecutors wrote. Meanwhile, a top Apple executive is warning the FBI could force the company to turn on users’ cameras and microphones to spy on them if it prevails in the court fight over the San Bernardino shooter’s iPhone. “Someday they will want [Apple] to turn on [a user’s] camera or microphone. We can’t do that now, but what if we’re forced to do that?” Apple senior vice president of Internet software and services Eddy Cue said to Univision. “Where will this stop? In a divorce case? In an immigration case? In a tax case? Some day, someone will be able to turn on a phone’s microphone. That should not happen in this country,” he continued. To read about the Justice Department’s filing, click here. To read about Cue’s comments, click here.

 

UPDATE ON CYBER POLICY:

–SAFE HAVEN. A new bipartisan Senate bill aims to give state and local governments access to the federal resources needed to combat cyber crime.

Sens. Gary Peters (D-Mich.) and David Perdue (R-Ga.) on Thursday introduced the State and Local Cyber Protection Act as a companion to a House bill Rep. Will Hurd (R-Texas) introduced in November.

The legislation, Peters said in a statement, “will help ensure all levels of government are equipped with the best practices and resources to counter cyber threats.”

Specifically, the measure directs the Department of Homeland Security’s (DHS) cyber hub — known as the National Cybersecurity and Communications Integration Center (NCCIC) — to share digital security tips with state and local governments.

To read our full piece, click here.

 

LIGHTER CLICK:

–THE BEST OF ME. Click Hole published a “full-page ad” Peyton Manning took out in a local paper to thank the people of Denver. It suspiciously reads like a bad phishing email.

“To the Fans;

I hope you are fine. I need your maximum help.

I am Mr Peytann Manning Qb , please assist me I am 39 years old male player & influential member in Natl Football League Of America for years greater than 18yrs. In such time I championed Super Bown x 2 and so I have gained funds in excess to US$ 400.000.000 millions.

Today is my retiring day & my football is ended by I am unfortunately locked inside a FALSE HOTEL in The U.K. (Europe).”

And so on… Read the full thing here.

–THE LAST SONG. Watch teens react to booting up an old Dell and using Windows 95, eliciting the expected befuddled comments, like, “How do you get on the Internet if there’s no Wi-Fi?”

 

WHAT’S IN THE SPOTLIGHT:

–THE BANGLADESH CENTRAL BANK. Unknown hackers last month made off with $80 million from the Bangladesh central bank, one of the largest bank thefts of all time. But it could have been much worse. A simple spelling mistake was what got in the way of the heist turning into a $1 billion cash grab that spread all the way to the New York Fed.

Read on at Reuters to find out how a typo prevented the massive economic damage.

 

A REPORT IN FOCUS:

–THE NOTEBOOK. Two executives at data risk management firm IDT911 grade the data privacy and cybersecurity plans for each remaining presidential candidate. No one’s a great student, apparently.

-Hillary Clinton: C / C

-Bernie Sanders: C+ / D

-Marco Rubio: D+ / B–

-Donald Trump: C– / C+

-Ted Cruz: C– / C–

Get the full results here. 

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Read about the secret life of the man claiming to be Dread Pirate Roberts 2, the creator of the second Silk Road drug marketplace. (Motherboard)

European Union regulators will release data from their year-long inquiry into barriers to cross-border e-commerce next week, the 28-nation bloc’s antitrust chief said on Thursday. (Reuters)

FireEye’s Mandiant forensics division is helping investigate a cyber heist at Bangladesh’s central bank last month that netted more than $80 million. (Reuters)

How Tibetans are fighting back against Chinese hackers. (Motherboard)

A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Fed, banking officials said. (Reuters)

A new software project designed to make secret backdoor software updates nearly impossible is offering to help Apple ensure that any secret court orders to backdoor its software cannot escape public scrutiny. (Ars Technica)

Machine learning will underpin many new cybersecurity startups as companies look for ways to sift through massive piles of data, quickly detect strange activity and act accordingly. (The Wall Street Journal)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A